With increasingly mobile workforces, there has been a rapid proliferation in the use of mobile wireless handheld devices, such as Blackberry™, iPhone™ and other smart phones, for both voice communications and email communications.
Although smart phones are widely used for access to corporate email, which is one of the most common business tasks, current interfaces provide limited, if any, access to internal corporate file systems and other document storage resources within an organization's corporate network (intranet).
For example, although a Blackberry user can view email and attachments stored in the user's Blackberry inbox, the user will not be able to view documents located in the office, e.g. stored on a file server, and a user cannot access such a document to attach and email via a Blackberry or other mobile wireless handheld device. Users receiving an email containing a link to a document stored within a corporate network are not able to access that document on their handheld device. There may also be limitations on viewing email attachments in a convenient format on a small screen. Moreover, since access is provided only to information stored in the user's mail box, when a user needs an email message or attachment which is older than a default storage limit, typically 6 months, very often it is not still in the user's Blackberry inbox.
Access to a data network or host network, such as a secure enterprise network, by mobile users may also be restricted, or not be permitted, for business and security reasons.
For good reason, many organizations are concerned about security of wireless communications “over the air”, and do not permit remote or mobile access to a secure corporate network (intranet), except through a secure channel or tunnel, such as provided by a conventional virtual private network (VPN). Organizations may restrict access from mobile devices and/or require employees and authorized users to use only approved enterprise enabled wireless handheld devices, e.g. a Blackberry or smart phone which connects to a Blackberry Enterprise Server (BES) managed within the corporate network, and which provides appropriate security and access controls specifically for voice and email services.
There are certain unique security concerns inherent in a mobile wireless operating environment:
- Data travels over shared, public and sometimes open networks.
- Mobile handhelds may be misplaced or stolen, exposing sensitive information.
- A mobile device represents a potentially unmanaged point-of-entry into the network.
- Worms and viruses may be transferred to a corporate internal network via tunnels created using mobile VPN technology.
Remote wireless access to an enterprise network from a handheld or a laptop, or downloading of information to a mobile device may be undesirable, or not permissible for other legal or security reasons, e.g. where there is cross-border restriction on information transfer, export controls, or regional differences in compliance with privacy laws or other regulatory requirements.
Users working remotely and/or travelling with a laptop, and requiring secure access to a corporate network to retrieve documents or information, typically need to find access to the Internet (e.g. via a suitable wired connection or wireless access point), and then are required to set up a secure link to the corporate network (intranet), e.g. through a conventional VPN. For security reasons, enterprises managing such a computer network restrict access to network resources only to authorised users within the network, or users logged on through a secure link or tunnel such as a VPN, which requires appropriate authentication of the user. When the user has access to the intranet via a conventional VPN gateway, access policies may be applied to manage access to permitted resources. Each user, e.g. employees or other authorized users, may therefore be provided with different access privileges associated with each of the various types of resources within a corporate network, e.g. an email server (Exchange server), an application server (e.g. SharePoint), or file storage (servers, WebDAV). However, wireless mobile users cannot access various types of network resources in this manner.
Indeed, many organizations seek a way to restrict or expose only certain resources to mobile devices. For example, an organization may not wish to present or make accessible the same resources that would be accessible via a desktop, or laptop on a VPN, but would rather present only a subset of these resources to mobile users.
However, existing systems do not provide an appropriate interface for managing secure access to enterprise resources of these different types via a smart phone or other wireless mobile device, and mobile devices do not currently provide a way of getting a list of different accessible resources within an existing network.
Consequently, although a mobile user may access email and files received by email as email attachments, a user of a mobile device, such as a Blackberry, smart phone or other PDA or mobile computer or communications device connected to a wireless communications network, i.e. via a service provider cellular phone/data network, has been unable to directly access other enterprise network resources to retrieve data files. Thus, a mobile user has not been able to access document repositories, such as SharePoint, or even open a link within an email to download documents from a file server. Often, a mobile user may have to resort to contacting the office by phone or email to have someone access documents which are stored on a secure corporate network (intranet) and arrange to have the documents delivered to them, e.g. by fax or email. For users working across time zones, the need to contact someone back at the office to obtain documents or information may result in time delays, or perhaps an inconvenient wait until the next business day for a response.
Thus, it is desirable to enable access to other network resources via a mobile device with appropriate management of security.
More recently, where limited security or functionality is acceptable, several companies have proposed solutions that attempt to overcome some aspects of the above-mentioned problems. These include, for example, Pocket VPN™ by WICKSoft™, RepliGo™ by Cerienc Inc. and Cortado, a division of ThinPrint GmbH. Pocket VPN provides mobile access for text viewing of documents on Windows file servers; Cortado provides access to documents on Windows file servers only, by providing authorized users with access to files on a designated corporate drive in their corporate network (i.e. Bob sees documents on X: drive, and Susan sees Z: drive) for viewing, printing, or faxing of documents without need for download. RepliGo provides document conversion and management which is primarily directed to facilitating viewing and access to documents on mobile devices, and printing. Document access is managed by designating shared folders for access by authorized users. However, filters are not provided and thus all authorized users see all of the shared folders on the network and can view all files. The latter solutions may, therefore, bypass or override security policies which exist within an enterprise network, putting sensitive information at risk. On the other hand, in other solutions, access may be unnecessarily restricted to resources that are not supported or made accessible by the limited scope of functionality of the specific application.
Thus, these solutions do not provide a network administrator or IT manager with a desired or appropriate level of control of access policy for individual users of wireless mobile devices that is also compatible with a wide range of network infrastructures. Known solutions also do not provide mobile users with a convenient way of accessing a listing of available resources as they would be able to do when logged on with intranet access to their internal enterprise network.
Therefore, improved or alternative solutions are desirable to overcome the limitations of current wireless handheld devices, systems and methods for accessing network resources in a secure manner, and to facilitate remote working in an enterprise environment requiring an acceptable and appropriate level of security.
The present invention seeks to overcome, or ameliorate, one or more of the above-mentioned disadvantages, or at least provide an alternative.